[gptalk] Re: GPO Processing in VISTA - the whole new can of worms....no adms, now just admx files
- From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Thu, 14 Sep 2006 15:05:57 -0700
Nope, ADMX is only supported in Vista's version of the GPMC and GP Editor
Interestingly the storage of ADMXs is totally different than ADMs. ADMXs can
be stored either on the local workstation where you edit policy or in the
"Central Store", which is basically a directory in SYSVOL. If you are
editing existing GPOs from Vista, the ADMs stored in the GPT in SYSVOL are
ignored in favor of the new ADMXs either local on the Vista workstation or
in the Central Store, if it exists.
If you go to a "Vista-ized" GPO from XP, you will only see the XP
settings--the Vista ones will not be there, even though the settings
themselves may be in the GPO. So, my advice for people is, once you
introduce Vista, either create a whole new set of GPOs for Vista only, or
only manage your GPOs going forward from Vista workstations.
Darren
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Omar Droubi
Sent: Thursday, September 14, 2006 2:54 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO Processing in VISTA - the whole new can of
worms....no adms, now just admx files
hello Darren,
So does this mean that win 2k3 Sp1 supports the admx files already?
Will these now appear or replace the existing adm files on the DC?
What if the next administrator connects from an XP SP2 box- will both adm
and admx files show up when we look at the list of administrative templates?
Omar
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Thursday, September 14, 2006 1:59 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO Processing in VISTA - the whole new can of
worms....no adms, now just admx files
Mark-
The bottom line is that you should not have to recreate any GPOs once Vista
hits. The ADMXs that ship with Vista are a super-set of the current ADMs and
support all of the XP and 2003 (and Win2K) settings in addition to the new
Vista ones. Now, in terms of things like logon scripts, if the scripts are
targeted at a particular OS version, then you would either need to test for
OS version in your script or have separate GPOs that are filtered by OS
version (or security group). But that is not inherent in the Vista
changes--that's just a function of what you're trying to do.
BTW, in case anyone is interested and is planning on attending, I'm doing a
session at the upcoming WinConnections show in Vegas in November on managing
GP in a Vista world.
Darren
_____
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Mills, Mark
Sent: Thursday, September 14, 2006 1:07 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] GPO Processing in VISTA - the whole new can of worms....no
adms, now just admx files
My question: Do I have to create a duplication of every Windows 2003 policy
used for my WinXP Clients and place it in the new "Central Store" used by
Vista Clients for Group Policies. (The "Central Store" is a new directory
you have to manually create on your domain controller at
%systemroot%\sysvol\domain\policies\PolicyDefinitions, which also has a
subfolder "en-us)
I was successfully able to create the new "Central Store" and copied the new
.ADMX files over to it from my VISTA RC1 pc. (note- Vista does not use .ADM
files) Since all VISTA clients now have the Group Policy Management Editor
installed by default I fired up GPMC.msc on my Vista RC1 pc, at which point
it automatically connects to the Primary Domain Controller of a domain.
I had created a new OU called Vista Test, with sub OU's of Vista User, and
Vista Computer. Since most of my Win2k3 \ WinXP Group policies would not
work correctly on the VISTA pc I created a new "User -Mapped drives- Logon
script" Group Policy Object (using the same logon script that I currently
use for my 2003\XP environment) and applied it to the "Vista User" OU, I
then created a new "user - Assign Printers to specific computers" Group
Policy that uses loop back processing and applied it to the Vista Computer
OU. Now my Vista Box and its associated user get both the mapped drives and
assigned printers.
Bottom line is that I had to re-create 2 existing GPO's. Do I have to
recreate all GPO's for any future Vista clients? Is there any problem with
1)linking a GPO for mapping drives on a XP PC and also 2) linking a GPO for
mapping drives on a Vista PC.TO THE SAME OU? Because I don't plan on
creating separate OU's exclusively for Vista pc's.
If you haven't heard about the changes in Vista Group Policy you may want to
review:
Microsoft's Step by Step Guide for Vista Group Policy: (this is a must read!
Do it now if you administer GP)
http://www.microsoft.com/technet/windowsvista/library/1494d791-72e1-484b-a67
a-22f66fbf9d17.mspx
Lab walk through of setting up Vista Group Policy
http://203.147.133.54/chass/hol/CLIHOL206.pdf
Mark Mills
Other related posts:
